tcpdump capture script: check permissions to fix running in a netns

This might be all caps (=ep), or a list of all caps.

Change-Id: I75f7af6cc67e96ffb7b002591f7f7d1da9b5a51d
This commit is contained in:
Eric Wild 2022-03-30 01:43:26 +02:00 committed by Hoernchen
parent 85cc161c0d
commit c01eada147
1 changed files with 13 additions and 0 deletions

View File

@ -42,6 +42,19 @@ if [ -x $DUMPCAP ]; then
/sbin/setcap -q -v 'cap_net_admin,cap_net_raw=pie' $DUMPCAP
CAP_ERR="$?"
fi
# did we implicitly inherit all those caps because we're root in a netns?
if [ -u $DUMPCAP -o "$CAP_ERR" = "1" ]; then
getpcaps 0 2>&1 | grep -e cap_net_admin | grep -q -e cap_net_raw
CAP_ERR="$?"
fi
# did we implicitly inherit all those caps because we're root in a netns?
if [ -u $DUMPCAP -o "$CAP_ERR" = "1" ]; then
getpcaps 0 2>&1 | grep -q -e " =ep" # all perms
CAP_ERR="$?"
fi
if [ -u $DUMPCAP -o "$CAP_ERR" = "0" ]; then
CMD="$DUMPCAP -q"
else